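/// <summary>
/// Minimum time that must elapse since the last change before a password may be changed again.
/// </summary>
private static readonly TimeSpan MinPasswordAge = TimeSpan.FromMinutes(5);

/// <summary>
/// Complexity rule for new passwords: a lower-case letter, an upper-case letter, a digit and one of
/// the listed symbols, at least 8 characters long. The pattern is kept exactly as the original; note it
/// has no trailing '$' anchor, so characters after a valid 8+ character prefix are not restricted.
/// </summary>
private static readonly Regex PasswordPolicy =
    new Regex(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}", RegexOptions.Compiled);

/// <summary>
/// Handles the Submit click of the change-password form. Validates the current password against the
/// stored salted hash, checks the new password (matches its confirmation, differs from the current and
/// two previous hashes, satisfies <see cref="PasswordPolicy"/>, and <see cref="MinPasswordAge"/> has
/// elapsed), then stores the new hash through the DB service and signs the user out.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void submit_btn_Click(object sender, EventArgs e)
{
    error_lb.Text = "";

    // All three inputs are required before anything is hashed or looked up.
    if (String.IsNullOrWhiteSpace(current_tb.Text)
        || String.IsNullOrWhiteSpace(new_tb.Text)
        || String.IsNullOrWhiteSpace(new2_tb.Text))
    {
        error_lb.Text = "Please fill all fields. <br>";
        return;
    }

    // The account is looked up by the e-mail kept in session state. The original called
    // Session["email"].ToString() unconditionally, which throws once the session has expired.
    object emailObj = Session["email"];
    string email = emailObj == null ? null : emailObj.ToString();
    if (string.IsNullOrEmpty(email))
    {
        error_lb.Text = "Your session has expired. Please log in again. <br>";
        return;
    }

    string currentPw = current_tb.Text.Trim();
    string newPw = new_tb.Text.Trim();
    string confirmPw = new2_tb.Text.Trim();

    // NOTE(review): as in the original, the service proxy is never closed; proper WCF
    // Close()/Abort() handling is left for a separate change.
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();

    var user = client.GetAccountByEmail(email);
    if (user == null)
    {
        // No account for the session e-mail; surface the same generic failure as a failed update.
        error_lb.Text = "Unable to change password. Please try again later.";
        return;
    }

    bool pass = true; // overall validation result
    string salt = user.Password_Salt;

    // Verify the current password: the stored value is base64 of SHA-512(plaintext + salt).
    // Ordinal comparison keeps the check culture-independent.
    string hashedpw = HashPassword(currentPw, salt);
    if (!string.Equals(hashedpw, user.Password, StringComparison.Ordinal))
    {
        error_lb.Text += "Incorrect password <br>";
        pass = false;
    }

    // The confirmation field was collected but never compared in the original.
    if (!string.Equals(newPw, confirmPw, StringComparison.Ordinal))
    {
        error_lb.Text += "New passwords do not match <br>";
        pass = false;
    }

    // Password history: the new hash must differ from the current and the two previous ones.
    string hashednew = HashPassword(newPw, salt);
    if (string.Equals(hashednew, user.Password, StringComparison.Ordinal)
        || string.Equals(hashednew, user.Password_Last, StringComparison.Ordinal)
        || string.Equals(hashednew, user.Password_Last2, StringComparison.Ordinal))
    {
        error_lb.Text += "New password cannot be the same as current or previous 2 passwords <br>";
        pass = false;
    }

    if (!PasswordPolicy.IsMatch(newPw))
    {
        error_lb.Text += "Please input a password that fulfills all criteria <br>";
        pass = false;
    }

    // Minimum password age. The TimeSpans are compared directly: the original converted
    // TotalMinutes with Convert.ToInt16, which throws OverflowException once the password is
    // older than 32767 minutes (about 22 days).
    TimeSpan age = DateTime.Now.Subtract(user.Password_Age);
    if (age < MinPasswordAge)
    {
        int minutesLeft = (int)Math.Ceiling((MinPasswordAge - age).TotalMinutes);
        error_lb.Text += "You must wait " + minutesLeft.ToString() + " more minutes to change your password <br>";
        pass = false;
    }

    if (!pass)
    {
        return;
    }

    int result = client.ChangePassword(email, hashednew);
    if (result != 1)
    {
        error_lb.Text = "Unable to change password. Please try again later.";
        return;
    }

    // Sign the user out after a successful change. The cookies are expired BEFORE the redirect:
    // Response.Redirect(url) ends the response, so the cookie lines placed after it in the
    // original were never executed.
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    ExpireCookie("ASP.NET_SessionId");
    ExpireCookie("AuthToken");
    Response.Redirect("Partner_Home.aspx");
}

/// <summary>
/// Computes the stored-hash form of a password: base64 of SHA-512 over UTF-8(plaintext + salt).
/// </summary>
/// <param name="plaintext">The already-trimmed password text.</param>
/// <param name="salt">The per-account salt appended to the plaintext.</param>
/// <returns>The base64-encoded digest, comparable with the persisted password columns.</returns>
private static string HashPassword(string plaintext, string salt)
{
    // The scheme is kept for compatibility with the hashes already stored. A single SHA-512
    // pass is a weak password hash; moving to PBKDF2/Argon2 would require re-hashing on login.
    using (SHA512 hashing = new SHA512Managed())
    {
        byte[] digest = hashing.ComputeHash(Encoding.UTF8.GetBytes(plaintext + salt));
        return Convert.ToBase64String(digest);
    }
}

/// <summary>
/// Blanks and expires the named cookie on the response if the request carried it.
/// </summary>
/// <param name="name">The cookie name.</param>
private void ExpireCookie(string name)
{
    if (Request.Cookies[name] != null)
    {
        Response.Cookies[name].Value = string.Empty;
        Response.Cookies[name].Expires = DateTime.Now.AddMonths(-20);
    }
}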